Supported Features

ImportantIdentity Cloud's 2FA feature is currently in Limited Availability. Please contact your Akamai representative as usage of 2FA features must be approved during Limited Availability.


Customer Identity and Access Management (CIAM) can mean many different thing to many different people. To help you determine where Hosted Login fits in the CIAM world, we’ve put together a list of some of the more common (as well as a few less common) features found in CIAM implementations, and have indicated whether these features are supported in the current release of Hosted Login.

Feature

Supported in v1

Supported in v2

Add JavaScript/HTML Markup to the Login Page

Users are limited to modifications that can be made by changing the flow or by using CSS.

No

No

Age Gating

Restricts access to a website or mobile app based on a user's age: users below a specified age (or users who have not provided a birthdate) are denied access. 

Yes

Yes

“Back to App” Button Included on the User Profile Screens

Users can click a button to exit their user profile screens and return to the page they were on before they opened the profile. 


No

Yes

Change the Favicon

Organizations can change the default Akamai favicon that appears in browser tabs.

Yes

Yes

Change the Logo

Organizations can change the default Akamai logo that appears on the login and registration pages.

Yes

Yes

Configurable IDPs

Organizations can use standard protocols (such as SAML 2) to create social login identity providers that do not appear in the Akamai Engage app.

Yes

Yes

Consent Compliance and Management

Marketing consent is included out-of-the-box and additional consents can be added by the Akamai Services team.

Yes

Yes

Custom Claims

Claims effectively represent a single user attribute: a user’s first name is a claim, a user’s middle name is a second claim, and a user’s last name is a third claim. Claims can be created to represent any attribute in the user profile.

Yes

Yes

Custom Domain Name

Organizations can work with their Akamai representatives to “CNAME” their Hosted Login URLs.

Yes

Yes

Customize Token Lifetimes

Access token and refresh token lifetimes can be modified by using token policies (by default, access tokens expire after 1 hour and refresh tokens expire after 90 days). However, modifying token policies must currently be done by Akamai.

Yes

Yes

Delete Account

A user can delete his or her account and all the data associated with that account.

Yes

Yes

Email Verification

Websites/apps can prevent a user from fully logging on (i.e., from receiving an access token) until the user has verified their email address.

Yes

Yes

Email-only Registration (Light/Subscription Registration)

Registration method in which a user supplies an email address but no password.

No

No

Forgot Password

A user who can’t log on because they have forgotten their password can request an email link that will enable them to create a new password.

Yes

Yes

iframe Support

Hosted Login cannot be loaded in an iframe.This is due to browser security restrictions that prevent loading the session cookie in an iframe.

No

No

Legal Acceptances

Restricts access to a website or mobile app until a user has agreed to the terms of service and the privacy policy. 

Yes

Yes

Link Social Accounts

Enables a user to add a social login identity provider to their current account.

Yes

Yes

Localize Text

Translations can be added to a site by modifying the flow. Hosted Login supports all Unicode characters.

Yes

Yes

Manage Hosted Login by Using APIs

All Hosted Login components can be managed by using APIs. 

Yes

Yes

Manage Hosted Login by Using the Console

“Traditional” Identity Cloud components (such as applications, API clients, entity types, and flows) can be managed by using Console. However, OpenID Connect components – such as OIDC clients, login policies, and token policies – cannot be managed by using Console. Instead, these components must, for now, be managed by Akamai Professional Services.

Yes, but ....

Yes, but ….

Merge Social Accounts

If a user with an existing account logs on by using a social login identity provider that uses the same email address as the existing account, the existing account and the new IDP account can be joined together.

Yes

Yes

Mobile Device Access

Users can log on to or register with a website or app by using a mobile device. Note that Hosted Login supports the use of app browser tabs but does not support webviews. 

Yes

Yes

Mobile Device Verification

Mobile device numbers are verified before being added to a user profile.


No

Yes

Mobile Number as Identifier

Users can log on to a website or app by using their mobile device number rather than their email address.

No

No

Modify Hosted Login Screen CSS

Organizations can override the CSS stylesheet that dictates the look and feel of login, registration, and user profile screens. You can apply a different CSS stylesheet to each Hosted Login API client.

Yes

Yes

Modify the Hosted Login Flow

Hosted Login flows can be modified by using the Configuration APIs.

Yes

Yes

Modify Hosted Login Screen Text

The text displayed on Hosted Login screens can be modified.


Yes

Yes

Multifactor Authentication

Security system that requires more than one method of authentication in order to verify the user’s identity.

No

Yes

One-time Password

Automatically generated character string that authenticates a user for a single transaction or session.

No

Yes

Password Change/Reset

Users can change their own passwords, without requiring helpdesk support.

Yes

Yes

Premium IDPs

Identity providers that require initial configuration by Akamai support personnel before those IDPs are available in the Engage app. 

Yes

Yes

Progressive Profiling

Strategy in which you gradually build up a user profile over time, and in context. With progressive profiling, the personal data for a user is not collected all at once (e.g., at registration. Instead, data is collected over time, and only when needed to support the user experience.

No

Yes

reCaptcha

Advanced form of CAPTCHA that makes an initial assessment as to whether the entity attempt to register or to logon is a bot. 

Yes

Yes

Request a Copy of Stored Data

Users can request to see all of their personal data being stored by a website or app.

Yes

Yes

Required Attributes

Websites/apps can prevent a user from fully logging on (i.e., from receiving an access token) until the user has provided a non-null value for attribute in a specified set of required attributes.

Yes

Yes

Single Sign-on

Single sign-on is possible for sites that share the same OpenID Provider. Single sign-on is also available for all the apps on the same mobile device.

Yes

Yes

Social Registration

Users can log register with a website or app by first logging on to an existing account with a social login identity provider such as Facebook or Twitter.

Yes

Yes

Social Sign-on

Users can log on to a website or app by first logging on to an existing account with a social login identity provider such as Facebook or Twitter.

Yes

Yes

Step-up Authentication

After initial logon, and based on risk level, a user can be asked to provide an additional form of authentication before they can be fully logged on to a website or app.

No

Yes

Support for Trusted Devices

Users can mark a device as “trusted” and, by doing so, are able to bypass two-factor authentication for a specified period of time.

No

Yes

Third-Party Analytic Tools

Customer Insights is the primary analytic tool be used with Hosted Login. 

No

No

Traditional Registration

Users can register with a website or app by creating an account that uses an email address and password for logging on.

Yes

Yes

Traditional Sign-on

Users can log on to a website or app by supplying an email address and password.

Yes

Yes

Two-factor Authentication

After signing on with an email address and password, users are required to supply another form of authentication (such as a code sent to their mobile device) before they can be fully logged on to a website or app.

No

Yes

User Profile Management

Users have the ability to view, and to modify, their user profile.

Yes

Yes

Webhooks-Compatible

Akamai webhooks can be used to record activities such as user logins, user registrations, and user profile changes.

Yes

Yes